Pretty
Good Privacy (PGP)

If
privacy is outlawed, only outlaws will have privacy. Intelligence agencies
have access to
good cryptographic technology. So do the big arms and drug traffickers. So do
defense contractors, oil companies, and other corporate giants. But
ordinary people and grassroots political organizations mostly have
not had access
to affordable military grade public-key cryptographic technology. Until now.

PGP
empowers people to take their privacy into their own hands. There's a growing
social need for it. That's why I wrote it.

- Philip Zimmermann,
Why
Do You Need PGP?.

PGP places Public
Key Cryptography in the hands of every Internet user. Philip Zimmermann
took a great personal risk in creating PGP and making it available to the world
against the strong wishes of the US Government. While a difficult battle,
he
succeeded,
and the
program is now used around the world as the primary Internet encryption
standard for email.
The following subsections provide more information on PGP:

PGP History. An otherwise quiet fellow named Philip
Zimmermann
obtained a bachelor's degree in computer science from Florida Atlantic University
in 1978. He then worked as a software engineer with cryptographic systems, communications,
and real-time systems.

On 17 April, 1991, the New York Times reported that
the following non-binding resolution had been added to Bill 266 in the US Senate
to encourage industry to add trap-doors
to their networking equipment, of course including Internet networking equipment:

"It
is the sense of Congress that providers of electronic communications services
and manufacturers of electronic communications service equipment shall insure
that communications systems permit the Government to obtain the plain text contents
of voice, data, and other communications when appropriately authorized by law."

Even though the bill was not passed, Zimmermann understood the resolution to
mean that the US Government was one step away from introducing legislation outlawing
secure communication systems for use by private citizens, thereby giving the state
the ability to eavesdrop on any communications at any time. Indeed, legislation
that made public key cryptography a form of protected munitions was introduced
shortly thereafter, and then signed into law.

However, not before Zimmermann,
working quickly to beat the legislation, invented the Pretty Good Privacy (PGP)
program based on the RSA public-key
cryptography algorithm. Zimmermann then released PGP 1.0 as freeware.
Not long afterwards, Kelly
Goen uploaded the PGP program onto some bulletin
board systems, and shortly after that it was uploaded onto the Usenet
newsgroups where the cat escaped around the world.

Government
investigation. Shocked and dismayed, the US Government then opened a criminal
investigation of Zimmermann, Goen, and others to see if there was some way to
penalize them retroactively for developing and distributing PGP. The two sides
of
this
old
argument
are summarized below:

Government's
view. PGP provides an implementation of Public Key Cryptography, one of the
most powerful technologies ever invented by humankind, and could be used as
easily for ill purposes as for good. Up
to that point, Government action had kept PKC out of the hands of most renegade
countries, criminal organizations, and terrorist groups, and the work Zimmermann
and
friends did on PGP rendered that work moot.
The
US
Government
believed
they had a responsibility to restrict access to this technology as long as possible
as a matter of overriding public safety -- doing their jobs.

Individual's
view. No matter how you dress it up, this is a basic issue of freedom
of
speech.
The possibility that some people might use the technology for ill purposes was
no reason to withhold it from everyone else. There is no right or need for the
state to read all communications conducted by private individuals.
Zimmermann
believed
he
had a responsibility to put PGP in the hands of anyone that wanted
to
have
private communications
with someone else as a basic human right.

The individual rights view finally prevailed. The investigations
of Zimmermann and supporters were finally dropped in early 1996 under strong
pressure
from
free
speech advocates and civil rights organizations
around the world. Also in 1996, Zimmermann founded the software company PGP,
which was then bought by Network
Associates
in December 1997, where Zimmermann became a Senior Fellow as well as
an
independent
consultant, and which was later bought by McAfee.

Free software escapes. Zimmermann
had based PGP 1.0 on the openly published RSA algorithm, and specified in
the documentation that it was a user's responsibility to get a license
if they wanted to use the software:

"The
RSA public key cryptosystem was developed at MIT with Federal funding from grants
from the National Science Foundation and the Navy. It is patented by MIT (U.S.
patent #4,405,829,
issued 20 Sep 1983). A company called Public Key Partners (PKP) holds the exclusive
commercial license to sell and sub-license the RSA public key cryptosystem. For
licensing details on the RSA algorithm, you can contact Robert Fougner at PKP,
at 408/735-6779. The author of this software implementation of the RSA algorithm
is providing this implementation for educational use only. Licensing this algorithm
from PKP is the responsibility of you, the user, not Philip Zimmermann, the author
of this software implementation."

Nevertheless, RSA
immediately complained to Zimmermann that PGP enabled unlicensed use by unscrupulous
users, an argument which didn't impress Zimmermann
any more than the US Government's similar argument had earlier. Finally, they
reached an agreement where RSA agreed not to bring legal action against Zimmermann,
and Zimmermann agreed to stop distributing PGP, which was a small compromise
since
the program was already being developed and distributed by others around the
world.

Not
long afterwards, with Zimmermann's approval, MIT released PGP 2.5 based on the
originally developed RSAREF 1.0 algorithm. RSA immediately complained about
violation
of their rights, but the situation was complicated... since MIT had a part interest
in the original patent, RSA
decided against further action.

MIT then began functioning as the
official distributor of
PGP. MIT and Zimmermann published a book that contained the PGP source code written
in the C programming language, and printed
in a special font designed to be easily read by computer scanners, which was legal
since the US Supreme Court had consistently refused to ban any written expression.

However,
while legal within the US, the MIT PGP version was still technically illegal
internationally due to US export controls, so Stale Schumacher developed
PGP 2.6xi using Zimmermann's original big integer library MPILIB. This made
a
version of PGP available around
the world without
legal restrictions for the first time.